Nacha members are reporting increasing concerns with first-party fraud impacting both Originating Depository Financial Institutions (ODFIs) and their Originator customers.  In August 2025, Nacha’s Risk Management Advisory Group (RMAG) published an article detailing the results of an RMAG survey and outlining the scope of first-party fraud in the ACH Network. This article started our stakeholders thinking about what more can be done by various ACH participants. In October 2025, Nacha created a short-term workgroup focused on finding mitigants to the issue of first-party fraud. This workgroup consists of members of RMAG, Nacha’s Rules and Operations Committee, and Nacha’s Lawyers Committee, as well as representatives from Nacha Direct Members with subject matter expertise.  

The workgroup meets every two weeks and is in the process of developing ideas that may evolve into industry education, guidance, rulemaking or other formal initiatives. In the meantime, the workgroup has identified actions that can be taken now by Receiving Depository Financial Institutions (RDFIs) to limit the effects of first-party fraud and reduce the effectiveness of first-party fraud strategies by fraudsters.  

• Calculate an “RDFI Unauthorized Return Rate” for your institution as an RDFI. This calculation can be done by dividing the number of debit returns by the number of debit items received over a set period of time, such as 60 days or two calendar months. The average unauthorized debit return rate for the ACH Network is 0.05%. This average should hold close-to-true for most RDFIs. If the return rate calculated by your institution as an RDFI is significantly higher than the industry average, such as 0.1% (double the industry average), then search for reasons why. One possibility is that fraudsters have identified your institution as one that doesn’t research claims of unauthorized and are now targeting your institution for first-party fraud schemes.
• Regularly identify Receiver accounts at your institution that generate high volumes of R10 unauthorized returns that don’t fit the pattern for typical unauthorized return claims. A high volume of R10s could indicate a customer whose account information has been breached and needs assistance, but it could also indicate a customer that is unduly taking advantage of dispute rights, either wittingly or unwittingly.
• Many consumers see dispute/refund schemes promoted on social media.  Educate your customers about their actual rights to dispute unauthorized transactions under Regulation E and their account terms. Promote proper channels and techniques for consumers to resolve disputes or revoke authorization with Originators. Provide notice that making false claims of unauthorized debits in an attempt to obtain money from a financial institution is against federal law.  For example, Nacha issued Operations Bulletin #1-2023 in March 2023, which updated the sample Written Statement of Unauthorized Debit (WSUD) to include language alerting customers of the risk of potential criminal liability for making false claims of unauthorized ACH debits to their financial institutions. 

When reviewing claims of unauthorized debits submitted by Receivers, utilize information in the ACH entry (and prior entries, if any) when determining if returning the debit to the Originator is warranted. Regulation E states that financial institutions shall investigate promptly any claims of unauthorized debit. Facts that can be researched internally and quickly may include 1) Is this the first time the Originator has debited this Receiver, or is it an established or recurring relationship? 2) Does the individual name in the ACH entry correspond to a name on the Receiver’s account? 3) Was Open Banking and a positive response from your institution used to verify the Receiver’s account by the Originator?  This may show that the Originator and the Receiver have established a relationship. Beyond the required scope of a Reg E investigation, the RDFI can also ask for Proof of Authorization from the ODFI.

While your institution may find it beneficial to update processes and procedures to include these considerations, Nacha wants to emphasize that efforts to identify first-party fraud shouldn’t be a deterrent for a consumer seeking to resolve a legitimate claim of an unauthorized debit. It can be a challenge to both protect consumers and identify fraudsters that abuse consumer protections. Financial institutions should explore available tools to help strike this balance.